Introduction to HCL® AppScan® Source

HCL® AppScan® Source delivers maximum value to every user in your organization who plays a role in software security. Whether a security analyst, quality assurance professional, developer, or executive, the AppScan® Source products deliver the functionality, flexibility, and power you need - right to your desktop.

The product set includes:

  • AppScan® Source for Analysis: Workbench to configure applications and projects, scan code, analyze, triage, and take action on priority vulnerabilities.
  • AppScan® Source for Automation: Allows you to automate key aspects of the AppScan® Source workflow and integrate security with build environments during the software development life cycle.
  • AppScan® Source for Development: Developer plug-ins integrate many AppScan® Source for Analysis features into Microsoft Visual Studio, the Eclipse workbench, and Rational® Application Developer for WebSphere® Software (RAD). This allows software developers to find and take action on vulnerabilities during the development process. The Eclipse plug-in scans source code for security vulnerabilities and can also scan IBM® MobileFirst Platform projects.

To enhance the value of AppScan® Source within your organization, the products include these components:

  • AppScan® Source Security Knowledgebase: In-context intelligence on each vulnerability, offering precise descriptions about the root cause, severity of risk, and actionable remediation advice.
  • AppScan® Enterprise Server: Most AppScan® Source products and components must communicate with an AppScan® Enterprise Server. Without one, you can use AppScan® Source for Development in local mode and/or AppScan® Source for Analysis in standalone mode.

    The server provides centralized user management capabilities and a mechanism for sharing assessments. The server includes an optional Enterprise Console component. If your administrator installs this component, you can publish assessments to it from AppScan® Source for Analysis, AppScan® Source for Automation, and the AppScan® Source command line interface (CLI). The Enterprise Console offers a variety of tools for working with your assessments - such as reporting features, issue management, trend analysis, and dashboards.

    Important: For some versions of AppScan® Source and AppScan® Enterprise, the version and release level of the two products must match in order to connect from AppScan® Source to the AppScan® Enterprise Server. See System requirements and installation prerequisites to learn more about system requirements and compatibilities.
    Note:
    • As of version 9.0.3.11, AppScan® Source no longer supports macOS or iOS Xcode scanning.
    • AppScan® Enterprise Server is not supported on macOS.
    • With a basic server license, the server accepts at most ten (10) concurrent connections from AppScan® products. With a premium server license, unlimited connections are allowed.

This Software Offering does not use cookies or other technologies to collect personally identifiable information.

Translated national languages

The AppScan® Source user interfaces are available in these languages:

  • English
  • Brazilian Portuguese
  • Simplified Chinese
  • Traditional Chinese
  • German
  • Spanish
  • French
  • Italian
  • Japanese
  • Korean
  • Russian